Security

A new level of security for new investing experiences

SnapTrade ensures a safe connection experience so users can engage endlessly and care-free with any app who consumes our API.

While exploring new investing experiences, users want the kind of security that reassures them the path they are on is safe. This starts with protecting their financial information - how it is accessed, from where, and most importantly, who it is shared with. SnapTrade wants to help build new investing experiences - but we wouldn’t dare skimp on the things that matter.

security for new investing

SnapTrade has two types of API integrations: official and bespoke.

Official or OAuth connections

SnapTrade’s default connection approach is the official connection. Official connections are OAuth to brokerages with open API’s. For official integrations, we use OAuth2 connections to avoid storing user login credentials.

OAuth connection

Bespoke connections

For all other integrations, we use bespoke connections that are reverse-engineered from brokers that do not have open APIs. For these connections, we store credentials encrypted with AWS KMS.

Bespoke connections

SnapTrade is trusted to keep data secure every step of the way.

40 apps trust SnapTrade to protect the data in their chain

Apps trust SnapTrade to protect the data in their chain

Connected accounts are secure with SnapTrade

5B USD in total value of assets are entrusted to SnapTrade

Total value of assets are entrusted to SnapTrade

SnapTrade has a simple data security philosophy

User data belongs to the user

SnapTrade doesn't touch user data without their permission, which is authenticated only when they log in to their brokerage.

data belongs

User password integrity is our primary goal

We only store credentials when it is essential to the user experience. For bespoke connections, we store and encrypt credentials with AWS KMS. And most important, we never, ever share these credentials.

password integrity

User data is secured in transit, at rest, and 24/7

Before, during, and after data goes on the move from a broker to an app, SnapTrade encrypts it for maximum security.

transit

The Data Journey with SnapTrade

1.

User investment data lives at the brokerage. To fetch that data, a user must permit SnapTrade to retrieve it.

2.

From the app platform, a user connects to the SnapTrade connection portal and identifies their brokerage.

3.

The user authenticates themselves by logging into their account via the connection portal. Support for 2FA is enabled to ensure account safety.

4.

SnapTrade securely connects the user brokerage account to the app.

5.

SnapTrade establishes a persistent and secure connection from the user brokerage account to the app.

6.

SnapTrade fetches and then encrypts the brokerage account data in transit.

7.

The account data syncs with the app.

8.

The data populates the app to be engaged with for a full user experience.

9.

When the user is offline, the user data is regularly synced to the app as it changes at the broker level, encrypted in transit.

SnapTrade is aligned with the highest standards for data security

For the collection, processing, and maintenance of data, as well as protecting the data itself

SnapTrade has incorporated the standard of SOC-2 compliance.

Developed by the American Institute of CPAs (AICPA), SOC 2 defines criteria for managing customer data based on five “trust service principles” — security, availability, processing integrity, confidentiality, and privacy.

data security